Featured Slideshow

In a Dallas courtroom on Thursday, writer and activist Barrett Brown was sentenced to 63 months in prison and was ordered to pay a little more than $890,000 in restitution and fines, according to reports.

Upcoming Live Events

Be sure to stay tuned for breaking news on our 2015 conference and expo, which promises to deliver even more innovative programming and an enhanced showcase of the latest cyber security solutions you must see.

Threat of the month: Java vulnerabilities

Multiple vulnerabilities have been reported in Oracle Java versions prior to 7 Update 51, whereas several of them are remote code execution vulnerabilities. These vulnerabilities can allow an attacker full access to an affected system.

How does it work?
These vulnerabilities mostly reflect the same types as we saw the last time Java was patched. It is important to note that some of these issues can be leveraged by simply persuading a user into visiting a web page that contains malicious Java content.

Should I be worried?
Yes, you should always be concerned about vulnerabilities in such a mainstream product, where attackers need to perform less work to hit a higher amount of victims. We are bound to see the vulnerabilities beginning to surface in frameworks such as Metasploit. Users should show caution when visiting untrusted web sites if their systems are not fully patched.

How can I prevent it?

Oracle has issued version 7 Update 51, which fixes the vulnerabilities and any system using an older version should update to this version. Users should also always remove older versions of Java on their devices, when they have updated to the new, secure version.

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.